General
-
Target
GrayWolf.exe
-
Size
5.4MB
-
MD5
fc880e4806da9ef322b4918ad89880bd
-
SHA1
a359064fce75722488038c4316deb7354cef87b5
-
SHA256
608e5234a2745f72909b5e002176149df66e39c36217fcc4826f13dba9e0153e
-
SHA512
ea43f38145b4493a0a2ed5a7fa6997dd86573530a479e7593928629f74106430e2e45ee15e156f6f3c648d164d909db0591fb0407034037e79d3175b146471da
-
SSDEEP
49152:DF/5OwXqsw+mw6j4w6SAZplWz3SUcSUWrXxRyJQfSqF6kr3Az0L:D/B0rQgCUcSUWOv98JL
Score
10/10
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
-
Neshta family
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
GrayWolf.exe
Headers
Sections